Common Vulnerabilities and Exposures by NIST

CVE-2014-3863 N/A

2014-10-20 2014-10-20

Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8365 N/A

2014-10-20 2014-10-20

Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8366 N/A

2014-10-20 2014-10-20

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-5025 N/A

2014-10-20 2014-10-20

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-5026 N/A

2014-10-20 2014-10-20

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-5169 N/A

2014-10-20 2014-10-20

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8363 N/A

2014-10-20 2014-10-20

SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8364 N/A

2014-10-20 2014-10-20

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-3564 N/A

2014-10-20 2014-10-20

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

Vendor(s): N/A

Affected OS(s) / software(s): N/A